<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">gnutls-cli v3.6.7.1 fails when built using mingw (works with v3.5.19)</p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">3.6.7.1</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">Built locally</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Steps to Reproduce:</p>
<ul dir="auto">
<li>Build gnutls using spec file attached</li>
<li>Run gnutls-cli -d 3 <a href="http://www.google.co.uk" rel="nofollow noreferrer noopener" target="_blank">www.google.co.uk</a>
</li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<p dir="auto">Processed 0 CA certificate(s).
Resolving 'www.google.co.uk:443'...
Connecting to '216.58.212.99:443'...
|<2>| Initializing needed PKCS <a href="https://gitlab.com/gnutls/gnutls/issues/11" data-original="#11" data-link="false" data-link-reference="false" data-project="179611" data-issue="240725" data-reference-type="issue" data-container="body" data-placement="bottom" title="Gnutls should use MSG_NOSIGNAL when writing to a socket" class="gfm gfm-issue has-tooltip">#11</a> modules
|<2>| p11: Initializing module: p11-kit-trust
|<2>| p11: No login requested.
|<3>| p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
|<3>| p11 attrs: CKA_TRUSTED
|<3>| p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
|<3>| ASSERT: ../../lib/pkcs11.c[find_multi_objs_cb]:3101
|<2>| added 6 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list
|<2>| Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
|<2>| Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
|<2>| Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
|<2>| Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
|<2>| Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
|<2>| Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
|<2>| Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
|<2>| Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
|<2>| Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
|<2>| Advertizing version 3.4
|<2>| Advertizing version 3.3
|<2>| Advertizing version 3.2
|<2>| Advertizing version 3.1
|<2>| HSK[0000000000530320]: sent server name: 'www.google.co.uk'
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_writev_emu]:464
|<2>| WRITE: -1 returned from 000000000022eae0, errno: 0
|<3>| ASSERT: ../../lib/buffers.c[errno_to_gerr]:230
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722
|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:2973
*** Fatal error: Error in the push function.
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_writev_emu]:464
|<2>| WRITE: -1 returned from 000000000022eae0, errno: 0
|<3>| ASSERT: ../../lib/buffers.c[errno_to_gerr]:230
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722
|<3>| ASSERT: ../../lib/record.c[_gnutls_send_tlen_int]:574
Could not connect to 216.58.212.99:443: Bad file descriptor</p>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">Processed 0 CA certificate(s).
Resolving 'www.google.co.uk'...
Connecting to '216.58.206.67:443'...</p>
<ul dir="auto">
<li>
<p>Certificate type: X.509</p>
</li>
<li>
<p>Got a certificate list of 2 certificates.</p>
</li>
<li>
<p>Certificate[0] info:</p>
</li>
<li>
<p>subject <code>C=US,ST=California,L=Mountain View,O=Google LLC,CN=www.google.co.uk', issuer</code>C=US,O=Google Trust Services,CN=Google
Internet Authority G3', RSA key 2048 bits, signed using RSA-SHA256, activated
<code>2019-03-01 09:34:53 UTC', expires</code>2019-05-24 09:25:00 UTC', SHA-1 fingerprint
`9da50c1e55eac98d35f2fdd72cdb1f75d21c25cd'
Public Key ID:
e0128e3442a67b393f7f59a6648bd67cf087fd13
Public key's random art:
+--[ RSA 2048]----+
| o               |
|+                |
|o o . .          |
| + = o .         |
|. = o . S        |
| . o .  + o   E  |
|    o  * O o   . |
|     oo B + o .  |
|     ... . . ... |
+-----------------+</p>
</li>
<li>
<p>Certificate[1] info:</p>
</li>
<li>
<p>subject <code>C=US,O=Google Trust Services,CN=Google Internet Authority G3', issuer</code>OU=GlobalSign Root CA - R2,O=GlobalSign,CN=GlobalSign', RSA key 2048
bits, signed using RSA-SHA256, activated <code>2017-06-15 00:00:42 UTC', expires</code>2021-12-15 00:00:42 UTC', SHA-1 fingerprint
`eeacbd0cb452819577911e1e6203db262f84a318'</p>
</li>
<li>
<p>Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.</p>
</li>
</ul>
<h2 dir="auto">
<a id="user-content-analysis" class="anchor" href="#analysis" aria-hidden="true"></a>Analysis</h2>
<p dir="auto">See attached debug session and note in particular the value of hd passed to socket_open2() and the value of fd passed to _gnutls_writev_emu(). Clearly the correct value of fd should be hd->fd rather than hd itself, but I don't know enough about the internals of gnutls to hazard a guess as to where this should be occurring.</p>
<p dir="auto"><a href="https://gitlab.com/gnutls/gnutls/uploads/1d8457da791daeb7447f9635c0ed4c2c/mingw-gnutls.spec">mingw-gnutls.spec</a><a href="https://gitlab.com/gnutls/gnutls/uploads/88bd736c65168b279078badaff765afb/gnutls.typescript">gnutls.typescript</a><a href="https://gitlab.com/gnutls/gnutls/uploads/1b9d5f8b6ef0c250972c98a787fdd3b3/debug-session.txt">debug-session.txt</a></p>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/751">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/30e1af930f719a4f680773294faee48b/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/751"}}</script>

</p>
</div>
</body>
</html>